I'm attempting to port an existing xinetd service from CentOS 6 to something equivalent with systemd for CentOS 7
The existing xinetd config uses the attributes 'only_from' to limit connections from a limited set of remote hosts and 'banner_fail' to print a suitable error message when access is denied
However, I can't find suitable 'equivalents' with systemd socket/service files on CentOS 7
It appears later versions of systemd supports the option IPAddressAllow= (which is what I think I need ?)
Does anyone know how to limit the remote hosts that can connect to a port with CentOS 7's systemd ?
Also, how to implement the equivalent of 'banner_fail' ? (not absolutely required, but nice to have)
Thanks
James Pearson
James Pearson wrote:
I'm attempting to port an existing xinetd service from CentOS 6 to something equivalent with systemd for CentOS 7
The existing xinetd config uses the attributes 'only_from' to limit connections from a limited set of remote hosts and 'banner_fail' to print a suitable error message when access is denied
However, I can't find suitable 'equivalents' with systemd socket/service files on CentOS 7
It appears later versions of systemd supports the option IPAddressAllow= (which is what I think I need ?)
Does anyone know how to limit the remote hosts that can connect to a port with CentOS 7's systemd ?
Also, how to implement the equivalent of 'banner_fail' ? (not absolutely required, but nice to have)
I managed to do what is needed by creating a simple ExecStartPre script that checks if the $REMOTE_ADDR env var is in a list of my 'only_from' IP addresses - and exits with zero if it is or exits with non-zero if not
The non-zero status from the ExecStartPre script causes the whole service instance to fail
The ExecStartPre script also writes my 'banner_fail' message to stdout when it fails - which is what I want
James Pearson
On Wed, 8 Aug 2018 12:59:09 +0000 James Pearson james-p@moving-picture.com wrote:
James Pearson wrote:
I'm attempting to port an existing xinetd service from CentOS 6 to something equivalent with systemd for CentOS 7
The existing xinetd config uses the attributes 'only_from' to limit connections from a limited set of remote hosts and 'banner_fail' to print a suitable error message when access is denied
However, I can't find suitable 'equivalents' with systemd socket/service files on CentOS 7
It appears later versions of systemd supports the option IPAddressAllow= (which is what I think I need ?)
Does anyone know how to limit the remote hosts that can connect to a port with CentOS 7's systemd ?
Also, how to implement the equivalent of 'banner_fail' ? (not absolutely required, but nice to have)
I managed to do what is needed by creating a simple ExecStartPre script that checks if the $REMOTE_ADDR env var is in a list of my 'only_from' IP addresses - and exits with zero if it is or exits with non-zero if not
The non-zero status from the ExecStartPre script causes the whole service instance to fail
The ExecStartPre script also writes my 'banner_fail' message to stdout when it fails - which is what I want
Thanks for taking time to tell us about the solution.
/Peter
-
James Pearson -
Peter Kjellström